CVE-2025-61602

High CVSS: 7.5

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.

Vendor

Bigbluebutton

Product

Bigbluebutton

CWE

CWE-703

Yayın Tarihi

2025-10-09 21:15:39

Güncelleme

2025-10-20 15:36:03

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-703 Bigbluebutton HIGH Bigbluebutton 2025

Referanslar

https://github.com/bigbluebutton/bigbluebutton/pull/23651 https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-45j2-m26c-3pcm https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-45j2-m26c-3pcm

Benzer Kayıtlar

Medium

CVE-2026-27736

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received wi…

High

CVE-2026-27466

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server…

Low

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the m…

High

CVE-2025-61601

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 a…

High

CVE-2025-55200

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a St…